Beware, your smartwatch could reveal your ATM PIN

Smartwatches can help hackers grab secret ATM PINs, according to new research from Binghamton University and the Stevens Institute of Technology. In the paper, titled “Friend or Foe? Your Wearable Devices Reveal Your Personal PIN”, the researchers found that smartwatches can be used to record anything you type by monitoring hand movements.

The researchers developed an algorithm with which they cracked private PINs and passwords with 80% accuracy on the first try and more than 90% accuracy on the third try.

Commenting on the findings, Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, who co-authored the report, said, “Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers.”

The researchers ran 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months. In the tests, the researchers recorded millimeter-level information about fine-grained hand movements from the accelerometers, gyroscopes and magnetometers inside the wearable devices. Those measurements gave an estimate of the distance and direction between consecutive keystrokes, which was then used to break the PINs. The algorithm used to crack the PINs is called the “Backward PIN-sequence Inference Algorithm”.
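
The geometric step described above, as an added Python example (not the researchers' code): it walks backward from a fixed Enter key through the distance-and-direction vectors and lists every PIN that fits, then compares that with the candidate set when no fixed end key is known. The keypad coordinates, the unit key pitch, the Enter-key anchor and all function names are assumptions of this example, and the displacement values are constructed.

```python
from math import dist

# Constructed keypad layout (assumption): unit key pitch, Enter in a right-hand column.
KEYS = {"1": (0, 0), "2": (1, 0), "3": (2, 0),
        "4": (0, 1), "5": (1, 1), "6": (2, 1),
        "7": (0, 2), "8": (1, 2), "9": (2, 2),
        "0": (1, 3), "E": (3, 3)}
DIGITS = [k for k in KEYS if k != "E"]


def displacements_for(pin):
    """Ideal (dx, dy) between consecutive presses of the PIN followed by Enter."""
    seq = pin + "E"
    return [(KEYS[b][0] - KEYS[a][0], KEYS[b][1] - KEYS[a][1])
            for a, b in zip(seq, seq[1:])]


def keys_near(point, tol):
    """Digit keys whose centre lies within tol (measurement error) of point."""
    return [k for k in DIGITS if dist(KEYS[k], point) <= tol]


def backward_candidates(disps, tol=0.4):
    """Walk back from the known Enter key; keep every digit sequence that fits."""
    hyps = [("E", "")]
    for dx, dy in reversed(disps):
        nxt = []
        for key, suffix in hyps:
            x, y = KEYS[key]
            for k in keys_near((x - dx, y - dy), tol):
                nxt.append((k, k + suffix))
        hyps = nxt
    return sorted(s for _, s in hyps)


def shape_only_candidates(disps, tol=0.4):
    """Same movements but no fixed end key: try every starting digit."""
    out = []
    for start in DIGITS:
        seq, pos = start, KEYS[start]
        for dx, dy in disps:
            hit = keys_near((pos[0] + dx, pos[1] + dy), tol)
            if not hit:
                break
            seq, pos = seq + hit[0], KEYS[hit[0]]
        else:
            out.append(seq)
    return sorted(out)
```

With the end key fixed, the ideal displacements for 1245 fit exactly one PIN; the digit-to-digit movements alone fit four, and a larger error tolerance widens the candidate set again.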

“There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, the hackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim’s PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim’s associated smartphones,” Wang elucidated.

This is perhaps the first study of its kind to detail the vulnerability of smartwatches and other wearables. Although wearables are capable of tracking health activities, their small size prevents them from accommodating a robust security system, which leaves the data vulnerable to attacks.

The team of researchers has not yet developed a solution to the problem. However, they suggest better encryption between the wearable device and the host operating system.

As a quick note, an immediate solution is to not wear a smartwatch or fitness tracker on the wrist of the hand you use to enter PINs.

The paper was published at the 11th annual Association for Computing Machinery Asia Conference on Computer and Communications Security (ASIACCS) in Xi’an, China. The research, funded by a grant from the National Science Foundation and the United States Army Research Office, is co-authored by Chen Wang, Xiaonan Guo, Bo Liu and lead researcher Yingying Chen from the Stevens Institute of Technology, along with Yan Wang. The researchers focus on security and privacy projects related to mobile devices.

Ria Lakshman

Haha.. I didn’t know you guys ate my head for suggesting a solution. Guess people are missing the point. It’s about the vulnerability of a popular technology. Hope we should be focusing on that rather than on something trivial.

PS: Reasonless, but I wear watch on my active hand….:p

Aviral Sangal

Then probably you will spill your drink on yourself (remember the Pepsi advert) when someone asks you for the time, because humans tend to hold things better in their active hand.

Aviral Sangal

And even if by chance they get my ATM PIN, what will they do? They do not have my card. This is totally dumb research.

Munnu

Research is talking about vulnerability of smart watch which could be potentially exploited.
You people have missed this point and went full retard because only retarded people spill their drink on themselves, it’s got nothing to do with the watch. A universal truth.
Also note, hand could either be ‘dominant’ or ‘non dominant’, there’s nothing like active or non active hand.
If you’ve got non active hand, it is called paralyzed hand. Go see your doctor!

Abhishek chatterjee

ICICI & Bank of India ATMs: you don’t need your card to withdraw funds from their ATMs.

Second thing: the online BillDesk payment gateway doesn’t ask for a 3D Secure password for payment; you also enter your ATM PIN to transact your payment.

Souvik

The smartwatches can help hackers to grab the secret ATM PINS, reveals a new research from Binghamton University and the Stevens Institute of Technology. In the paper titled “Friend or Foe? Your Wearable Devices Reveal Your Personal PIN”, the researchers have found that the smartwatches can be used to record anything you type by monitoring the hand movements.

Batman

Better eating a stash of fried snacks
